Diffstat (limited to 'roles/wireguard')
-rw-r--r--roles/wireguard/tasks/main.yml29
-rw-r--r--roles/wireguard/tasks/server.yml28
-rw-r--r--roles/wireguard/tasks/service.yml17
-rw-r--r--roles/wireguard/templates/dcontroller.conf.j22
-rw-r--r--roles/wireguard/templates/hostname.j23
5 files changed, 30 insertions, 49 deletions
diff --git a/roles/wireguard/tasks/main.yml b/roles/wireguard/tasks/main.yml
index 5b48998..3b8f8ae 100644
--- a/roles/wireguard/tasks/main.yml
+++ b/roles/wireguard/tasks/main.yml
@@ -15,35 +15,14 @@
wg_host_conf: "{{ wg_dir }}/{{ ansible_host }}.conf"
wg_host_keys: "{{ wg_dir }}/{{ ansible_host }}.keys"
-- name: include configuration generation
+- name: include generation configuratin
include_tasks: generate.yml
-- name: include configuration synchronization
+- name: include synchronization configuration
include_tasks: synchronize.yml
-- name: enable wireguard for freebsd
- lineinfile:
- path: /etc/rc.conf
- regexp: "^wireguard_enable"
- line: wireguard_enable="YES"
- when: ansible_distribution == "FreeBSD"
-
-- name: enable interface for freebsd
- lineinfile:
- path: /etc/rc.conf
- regexp: "^wireguard_interfaces"
- line: wireguard_interfaces="{{ global.dcontroller }}"
- when: ansible_distribution == "FreeBSd"
-
-- name: generate and enable init script
- include_role: name=rc
- vars:
- rc_cmd: "{{ path_wgquick }}"
- rc_args: "up {{ global.dcontroller }}"
- rc_name: wireguard
- rc_user: "{{ user_root }}"
- ignore_errors: true
- when: ansible_distribution != "FreeBSD"
+- name: include service configuration
+ include_tasks: service.yml
- name: include server setup
include_tasks: server.yml
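Review bot: The first renamed task title has a typo, `include generation configuratin`; it should read `- name: include generation configuration`. Task names are what shows up in play output and logs, so a misspelt one is harder to grep for when tracing a failed VPN rollout. The new `include_tasks: service.yml` runs before `server.yml`, and a one-line comment saying whether that ordering is required would help, because service.yml restarts the service before the server-side interface setup runs.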
diff --git a/roles/wireguard/tasks/server.yml b/roles/wireguard/tasks/server.yml
index 32d52fc..9a8d67c 100644
--- a/roles/wireguard/tasks/server.yml
+++ b/roles/wireguard/tasks/server.yml
@@ -12,27 +12,13 @@
when: ansible_host == global.dcontroller
delegate_to: localhost
-- name: generate server interface
- template:
- src: templates/hostname.j2
- dest: /etc/hostname.tun0
+- name: enable wireguard interface
+ lineinfile:
+ path: /etc/rc.local
+ regexp: "^wg-quick up {{ ansible_host }}$"
+ line: "wg-quick up {{ ansible_host }}"
-# NOTE: interface destruction and creation exists in the same tasks,
-# to avoid being kicked out of the ssh sessions if this one exists
-# within the current VPN.
- name: restart wireguard interface
shell: |
- ifconfig tun0 destroy
- sleep 2
- sh /etc/netstart tun0
- register: result
-
-- name: show debug output
- debug:
- msg: |
- {% for line in result.stdout_lines %}
- "{{ line }}"
- {% endfor %}
- {% for line in result.stderr_lines %}
- "{{ line }}"
- {% endfor %}
+ wg-quick down "{{ ansible_host }}"
+ wg-quick up "{{ ansible_host }}"
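Review bot: The `regexp` on the added `lineinfile` task interpolates `{{ ansible_host }}` unescaped, so every dot in a hostname or address is a regex wildcard and the pattern can match a line other than the intended one in `/etc/rc.local`; use `regexp: "^wg-quick up {{ ansible_host | regex_escape }}$"`. `lineinfile` also fails on a missing file unless `create: true` is set, and because rc.local is executed as root at boot it is worth pinning `owner`, `group` and `mode` on the task rather than inheriting whatever is there. The removed NOTE about keeping teardown and bring-up in one task still applies to the new `wg-quick down` / `wg-quick up` pair and should stay as a comment above the task. The beginning of this task file lies outside the hunk.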
diff --git a/roles/wireguard/tasks/service.yml b/roles/wireguard/tasks/service.yml
new file mode 100644
index 0000000..86d6420
--- /dev/null
+++ b/roles/wireguard/tasks/service.yml
@@ -0,0 +1,17 @@
+- name: enable wireguard for FreeBSD
+ service:
+ name: wireguard
+ state: restarted
+ enabled: true
+ args: "{{ global.dcontroller }}"
+ when: ansible_distribution == "FreeBSD"
+
+- name: generate and enable init script
+ include_role: name=rc
+ vars:
+ rc_cmd: "{{ path_wgquick }}"
+ rc_args: "up {{ global.dcontroller }}"
+ rc_name: wireguard
+ rc_user: "{{ user_root }}"
+ ignore_errors: true
+ when: ansible_distribution != "FreeBSD"
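Review bot: The FreeBSD task passes the interface only through `args: "{{ global.dcontroller }}"`, which appears to apply to this one service invocation, while the `wireguard_interfaces` line that the old main.yml wrote to `/etc/rc.conf` is gone. If the rc script reads that variable at boot, the tunnel would come up during the play but not after a reboot, so confirm this and keep a task that persists it if needed. `state: restarted` also bounces the tunnel on every run, which can cut the SSH session when the play is executed over the VPN; `state: started` or a handler would avoid that. On the second task, `ignore_errors: true` hides a failed init-script install, so prefer removing it or registering the result and failing with a clear message.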
diff --git a/roles/wireguard/templates/dcontroller.conf.j2 b/roles/wireguard/templates/dcontroller.conf.j2
index a8e6292..75da219 100644
--- a/roles/wireguard/templates/dcontroller.conf.j2
+++ b/roles/wireguard/templates/dcontroller.conf.j2
@@ -4,7 +4,7 @@
{% set dcontroller_keys = lookup("file", wg_dcontroller_keys).splitlines() %}
[Interface]
-#Address = {{ ip.in }}, fd00::1/128
+Address = {{ ip.in }}/24, fd00::1/128
ListenPort = 53
PrivateKey = {{ dcontroller_keys[0] }}
diff --git a/roles/wireguard/templates/hostname.j2 b/roles/wireguard/templates/hostname.j2
index 8938320..aca3b03 100644
--- a/roles/wireguard/templates/hostname.j2
+++ b/roles/wireguard/templates/hostname.j2
@@ -1,7 +1,6 @@
inet 10.10.0.1 255.255.255.0
inet6 fd00:10:10::1
-!/usr/local/bin/wireguard-go -f tun0 &
-!/bin/sleep 2
+#!/usr/local/bin/wireguard-go -f tun0 &
!/usr/local/bin/wg setconf tun0 /etc/wireguard/{{ global.dcontroller }}.conf
!/bin/sleep 2
!/sbin/route add -inet 10.10.0.0/24 10.10.0.1
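Review bot: Commenting out the `wireguard-go -f tun0 &` line leaves `wg setconf tun0 …` and the `route add` commands with nothing visible that creates the tun0 WireGuard device, so if this file is still installed those commands would presumably fail at interface start. The same commit removes the server.yml task that templated `hostname.j2` to `/etc/hostname.tun0`, so the template looks unused. If so, delete it rather than keeping a half-disabled copy; otherwise add a comment such as `# tun0 is now created by wg-quick, see tasks/server.yml` explaining why the line is disabled.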